how to ssh without password

August 27th, 2008

public key based authentication

    Objective: To run a command on a remote linux machine without entering a password.

    Remote Linux Machine (10.1.10.6)

    Local Machine (10.1.10.20)

Steps for Local Machine:

    • Generate a key pair with the command

ssh-keygen -t dsa

Generating public/private dsa key pair.
Enter file in which to save the key (/home/anuj/.ssh/id_dsa):
Created directory '/home/anuj/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/anuj/.ssh/id_dsa.
Your public key has been saved in /home/anuj/.ssh/id_dsa.pub.
The key fingerprint is:
6e:c0:f4:ad:d7:97:37:e6:09:9a:56:ee:79:48:5f:92 anuj@node2.example.com

Copy the generated ‘id_dsa.pub’ to the remote server as ‘authorized_keys’ in the ‘.ssh’ directory under the home directory of the user who will run the remote commands. In this example the remote user is ‘root’ on the remote machine 10.1.10.6.

scp .ssh/id_dsa.pub root@10.1.10.6:.ssh/authorized_keys

The authenticity of host '10.1.10.6 (10.1.10.6)' can't be established.
RSA key fingerprint is 5d:17:94:69:22:6b:c0:99:79:c2:ff:7e:2d:86:9b:d7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.1.10.6' (RSA) to the list of known hosts.
root@10.1.10.6's password:
id_dsa.pub                            100%  617     0.6KB/s   00:00

Test the configuration by running a command over ssh (the example command used is ‘uptime’):

 ssh root@10.1.10.6  uptime

 12:14:43 up  23:18,  0 users,  load average: 0.00, 0.03, 0.05

Anuj Singh

anujhere@gmail.com
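
The scp step above replaces the remote authorized_keys file, dropping any keys already installed for that account. As an added example (not part of the original post), this script appends the key instead and sets the permissions sshd expects; the function name `install_pubkey` and its arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# install_pubkey PUBKEY_FILE SSH_DIR
#   PUBKEY_FILE  public key to authorize, e.g. a copied id_dsa.pub
#   SSH_DIR      the target account's .ssh directory (assumed argument)
install_pubkey() {
    pub=$1
    dir=$2
    auth="$dir/authorized_keys"

    [ -s "$pub" ] || { echo "no public key in $pub" >&2; return 1; }
    # Refuse a private key: it must never be copied into authorized_keys.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key" >&2
        return 1
    fi

    # sshd (StrictModes) ignores authorized_keys when the directory or
    # file is writable by anyone other than the owner.
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1

    # Append each key line only if that exact line is not already present,
    # so existing keys survive and repeated runs add nothing.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -e "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pub"
}

# Script entry point: sh install_pubkey.sh PUBKEY_FILE SSH_DIR
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```

`ssh-copy-id`, shipped with OpenSSH on most distributions, does the same append over the network. The function is key-type agnostic, which matters because current OpenSSH releases no longer accept DSA keys by default.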

rsync server.

August 26th, 2008

I am adding very brief info here; I will try to add details regarding the options used when I have time.

Server=http://anuj.sytes.net (Red Hat Enterprise Linux 5)

Client=any other unix based machine.

On the rsync server

Create  /etc/rsyncd.conf

uid = nobody
gid = nobody
use chroot = no
max connections = 4
syslog facility = local5
pid file = /var/run/rsyncd.pid
[ftp]
path = /var/ftp/pub/xyz
hosts allow = 87.227.31.168
auth users =  anujhere
read only = false
write only = false
secrets file = /etc/rsyncd.secrets
comment = whole ftp area (approx 6.1 GB)

Create /etc/rsyncd.secrets file

anujhere:p@ss

Enable rsync service by editing /etc/xinetd.d/rsync, change `disable = yes` to `disable = no`

# default: off
# description: The rsync server is a good addition to an ftp server, as it \
#       allows crc checksumming etc.
service rsync
{
disable = no
socket_type     = stream
wait            = no
user            = root
server          = /usr/bin/rsync
server_args     = --daemon
log_on_failure  += USERID
}

Reload/Restart the xinetd service:

/sbin/service xinetd restart

On the host

Create a password file, say ~user/.rhosts, containing the password.

p@ss

chmod 600 ~user/.rhosts

Copy files from rsync server to host

rsync --password-file ~anujhere/.rhosts -rcvh rsync://anuj.sytes.net/ftp /path/to/destination

Copy files from host to rsync server

rsync --password-file ~anujhere/.rhosts -rcvh . rsync://anuj.sytes.net/ftp

Anuj Singh
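
A check for the rsync daemon setup above, as an added example that is not part of the original post: it parses an rsyncd.conf and reports writable modules that lack `auth users` or `hosts allow`, modules running with `use chroot` disabled, and a secrets file that is not owner-only. The function name `audit_rsyncd` and the finding messages are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_rsyncd CONF [SECRETS]  -> prints one finding per line
audit_rsyncd() {
    awk '
    # module value, falling back to the global section default
    function val(k) { return (k in p) ? p[k] : g[k] }
    function off(v) { return v ~ /^(false|no|0)$/ }
    function check_module() {
        if (mod == "") return
        if (off(val("read only"))) {          # rsync default is read-only
            if (val("auth users") == "")
                print "[" mod "] writable without auth users"
            if (val("hosts allow") == "")
                print "[" mod "] writable without hosts allow"
        }
        if (off(val("use chroot")))
            print "[" mod "] use chroot disabled"
        split("", p)                          # reset per-module settings
    }
    /^[ \t]*(#|$)/ { next }                   # comments and blank lines
    /^[ \t]*\[/ {
        check_module()
        mod = $0; gsub(/^[ \t]*\[|\].*$/, "", mod); next
    }
    {
        i = index($0, "="); if (i == 0) next
        k = tolower(substr($0, 1, i - 1)); v = tolower(substr($0, i + 1))
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (mod == "") g[k] = v; else p[k] = v
    }
    END { check_module() }' "$1"

    # rsync "strict modes" (on by default) refuses a secrets file that
    # other users can access; owner-only (600) is the safe setting.
    if [ -n "${2:-}" ] && [ -e "$2" ]; then
        perms=$(ls -ld "$2" | cut -c5-10)
        [ "$perms" = "------" ] || echo "secrets file $2 not owner-only"
    fi
    return 0
}

# Script entry point: sh audit_rsyncd.sh /etc/rsyncd.conf /etc/rsyncd.secrets
if [ "$#" -ge 1 ]; then
    audit_rsyncd "$@"
fi
```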

Linux Heartbeat “Provide a high availability (clustering) solution for Linux which promotes reliability, availability, and serviceability (RAS) through a community development effort.”

As linux-heartbeat is not yet shipped with Red Hat Enterprise Linux, one can use RPMs from the clone operating system of RHEL, i.e. CentOS, which is 100% binary compatible with Red Hat. The RPM from the CentOS extras repository is not yet updated. I found difficulties getting heartbeat installed; I tried the heartbeat-2.1*.el5.centos.src.rpm but got the same error. The second attempt at the RPM installation did not show any error and the installation succeeded, but for a production environment, or for self-satisfaction with the work, that is not acceptable. The error is like:

rpm -ivh /usr/src/redhat/RPMS/i386/heartbeat-2.1.3-1.i386.rpm
useradd: user hacluster exists
error: %pre(heartbeat-2.1.3-1.i386) scriptlet failed, exit status 9
error: install: %pre scriptlet failed (2), skipping heartbeat-2.1.3-1

On the next attempt I tried the openSUSE Linux RPMs, with which I had a different error due to a minor bug in the heartbeat.spec file. Thanks to ‘bleve’ for helping me out and to ‘lmb’, who updated the heartbeat.spec for openSUSE; the RPMs from the openSUSE site are now working and updated, available at http://download.opensuse.org/repositories/server:/ha-clustering:/lha-2.1/RHEL_5/

Lately I found a 3rd method, building from source, which is as follows.

Make sure the following packages are installed, or you will get errors.

libgpg-error-devel
libgcrypt-devel
libtool-ltdl
imake
autoconf
automake
libtool
OpenIPMI-devel
gdbm-devel
bison
flex
bzip2-devel
libtool-ltdl-devel
gnutls-devel
python-devel
swig
pam-devel
beecrypt-devel
sqlite-devel
lm_sensors
net-snmp
libsepol-devel
libselinux-devel
ncurses-devel
elfutils-libelf-devel
elfutils-libelf-devel-static
rpm-devel
elfutils-devel
net-snmp-devel
elfutils-devel-static
e2fsprogs-devel
gnu-crypto
cryptsetup-luks-devel
gnu-crypto-sasl-jdk1
beecrypt-python
gnu-crypto-javadoc
krb5-devel
openssl-devel

Download the latest heartbeat source:

  1. wget http://hg.linux-ha.org/lha-2.1/archive/STABLE-2.1.4.tar.bz2
  2. uncompress the source, tar jxvf STABLE-2.1.4.tar.bz2
  3. cd Heartbeat-STABLE-2-1-STABLE-2.1.4
  4. ./ConfigureMe configure
  5. make dist
  6. tar zxvf heartbeat-2.1.4.tar.gz
  7. cp ../heartbeat-2.1.4.tar.gz /usr/src/redhat/SOURCES/
  8. Build rpm packages with ‘rpmbuild -bb heartbeat.spec’
  9. This creates RPMs for your machine architecture, e.g. under /usr/src/redhat/RPMS/i386

Install the RPMs; I have my RPMs under /usr/src/redhat/RPMS/i386.
rpm -ivh /usr/src/redhat/RPMS/i386/pils-2.1.4-1.i386.rpm
rpm -ivh /usr/src/redhat/RPMS/i386/stonith-2.1.4-1.i386.rpm
rpm -ivh /usr/src/redhat/RPMS/i386/heartbeat-2.1.4-1.i386.rpm

Configuration of heartbeat is a different thing. I am using heartbeat for DRBD (Distributed redundant block device), iSCSI (SCSI over IP) and a VIP to create a storage area network. Heartbeat has wide possibilities, e.g. high availability of mysql, httpd etc.; please read their documentation. :)

You can contact me at anujhere@gmail.com

Anuj Singh.

The xinetd daemon is a TCP wrapped super service which controls access to a subset of popular network services including FTP, IMAP, and Telnet. It also provides service-specific configuration options for access control, enhanced logging, binding, redirection, and resource utilization control.

To integrate vsftpd with xinetd, take the following steps.

1). Create a file /etc/xinetd.d/vsfpt with the following entries
# default: off
# description: The vsftpd FTP server serves FTP connections. It uses \
# normal, unencrypted usernames and passwords for authentication.
service ftp
{
disable = no
socket_type = stream
wait = no
user = root
server = /usr/sbin/vsftpd
nice = 10
#allow only 10.1.10.2 machine
only_from = 10.1.10.2
}

2). Edit your /etc/vsftpd/vsftpd.conf file and comment out the line with “listen=YES”

3). Restart or reload the xinetd service.
/sbin/service xinetd reload

Now test your configuration with
netstat -a |grep ftp

Also, to avoid a port conflict at boot time, turn off the standalone vsftpd service:
chkconfig vsftpd off

Now that vsftpd is integrated with xinetd, make sure that xinetd starts automatically:
chkconfig xinetd on

Anuj Singh

In new versions of Linux, GRUB (Grand Unified Bootloader) works great. If your boot loader is corrupt or overwritten by a dumb Microsoft OS, there are many ways to recover, e.g. using your Linux boot media.

In case you don’t have any installation media, you can apply the following steps. I tried this method on Red Hat Linux 7.1, for which I had no installation CDs/DVDs.

  1. Boot from any Live linux cd such as knoppix 
  2. You may not be needing GUI ( start knoppix with runlevel 1 or 2 ) use boot: knoppix 1
  3. use fdisk -l to get the list of partitions.
  4. mount the / partition (I found the whole Linux system on one partition). Use “mount /dev/hda4 /mnt/hda4”
  5. chroot /mnt/hda4
  6. lilo -C /etc/lilo.conf
  7. lilo -i /dev/hda1

You should not get any error; consult man lilo and man lilo.conf to resolve any issue or error.

After you are done, press Ctrl+D, run init 6, and take out your Knoppix media; you have recovered your old Linux.

 anuj.